Stephen Frost wrote: > Unfortunately, Postgres doesn't currently encrypt pg_shadow and even if > it did you'd have to have the password stored on disk somewhere in the > clear if you wanted the database to start automatically, which is more > important if you havn't got backup databases and whatnot (which aren't > really as easy to set up w/ Postgres and generally Postgres requires > more disk space than a KDC).
Yeah, but who cares? If the attacker has enough access to the box that they can grab the stored master password, then they can modify the postgresql binaries and intercept the salt information (at a minimum) as it's being sent to the client anyway. That's because in any sane implementation, you'd store the master password in a root-readable-only file, and have Postgres start up as root, grab the password, and then immediately setuid() to the postgres account, so that accessing the database itself isn't enough to allow you to compromise the master password. If they can grab the master password with that setup, then they have root on the box anyway and can do anything they want. -- Kevin Brown [EMAIL PROTECTED] ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly